SLSA levels & provenance

The Build track, L1–L3, and non-falsifiable provenance.

Advanced35 min · lesson 2 of 15

SLSA (Supply-chain Levels for Software Artifacts) is the framework that turns "trust our builds" into a graded, checkable standard. Its core idea is provenance — a verifiable record of how an artifact was built — and its levels describe how hard that provenance is to forge.

The Build track and its levels

SLSA v1.0 formalizes the Build track. Level 0 is no guarantees. Level 1 requires that provenance exists — the build produces a record of its inputs and process, so consumers can inspect it. Level 2 adds a hosted build platform and signed provenance, raising the bar beyond a script on a laptop. Level 3 is the meaningful security threshold: a hardened, isolated build platform that produces non-falsifiable provenance — the build cannot forge a clean record of itself, because the platform, not the build steps, generates and signs it. Higher levels are about the trustworthiness of the provenance, not the absence of bugs.

what SLSA provenance captures
# A SLSA provenance predicate (simplified) — the "birth certificate":
{
"buildType": "https://github.com/actions/workflow@v1",
"builder": { "id": "https://github.com/acme/api/.github/workflows/release.yml@refs/heads/main" },
"invocation": { "configSource": {
"uri": "git+https://github.com/acme/api@refs/heads/main",
"digest": { "sha1": "a3f0c7e1..." } } }, # exact source commit
"materials": [ { "uri": "pkg:deb/...", "digest": {"sha256":"..."} } ] # pinned inputs
}
# Subject: the artifact digest this provenance describes (sha256:...).

Why L3 is the goal

At L1/L2 a sufficiently-compromised build could still lie about itself. L3’s isolation and platform-generated provenance make that infeasible: the provenance is produced outside the influence of the build steps and cryptographically bound to the exact source and inputs, so a downstream verifier can trust "this artifact was built from commit X by builder Y" as fact. Reusable, hardened build platforms (GitHub’s SLSA generator, hosted builders) make reaching L3 practical without running your own hardened infrastructure. Provenance is necessary but not sufficient — you still sign it and verify it at a gate.

SLSA build levels
1L0 — none
no provenance guarantees
2L1 — provenance exists
record of build inputs/process
3L2 — hosted + signed
signed provenance, hosted build
4L3 — non-falsifiable
isolated, hardened, platform-generated
Each level makes the provenance harder to forge. L3 is where "how it was built" becomes trustworthy fact.
A SLSA level is about provenance trust, not vulnerability-free code
Reaching SLSA L3 proves an artifact was built the way you claim from the source you claim — it does not mean the code or its dependencies are free of vulnerabilities. Pair SLSA (build integrity) with SBOMs and scanning (component risk); they answer different questions and you need both.